U.S. and international authorities last week were tracking an international debit card ring that has apparently gained access to customer databases at two national retailers and used the accounts to manufacture phony debit cards on those individuals' names.
The cards are being used to make transactions and cash withdrawals from dozens of credit unions and banks from locations all over the globe, in Russia, Lithuania, Ukraine, South Korea, Spain, England and the U.S.
Several area credit unions have begun blocking certain cards and replacing them over the last few months in response to the international fraud, including The Golden 1 CU, Educational Employees CU and United Local CU, as well as area banking giants Bank of America, Wells Fargo and Washington Mutual, authorities said. As many as 200,000 accounts may have been compromised, they said. The thieves are believed to have obtained names, debit card numbers and PINs.
Educational Employees CU said it was notified by authorities that two national retailers with stores in the area were being investigated for possibly having their customer databases breached. "Any debit card at these stores with PIN-based transactions would be subject to misuse," said Scott Ingram, a spokesperson at the $1-billion credit union. EECU identified members who conducted transactions at the two stores, about 4,200, and put an immediate block on their accounts and reissued new debit cards.
A 24-Hour Period
Overseas criminals were able to steal about $22,000 from EECU members, and then attempted another $33,000 worth of transactions from these accounts. "All of this happened within a 24-hour period," said Ingram, identifying Jan. 30 as the day.
EECU members are not liable for any of the transactions if they are the result of fraud, Ingram said.
Police in nearby Clovis, Calif., said members and customers from several area credit unions and banks had contacted them about the debit card thefts and the list was growing last week.
"A lot of people who came into the station have either checked their accounts online; others have been notified by their financial institution," said Janet Stoll-Lee, spokesman for the Clovis Police Department.
Authorities were believed to be investigating transactions at OfficeMax and the Sam's Club unit of Wal-Mart Stores to determine if their databases were hacked. A spokesman at OfficeMax said last week they do not believe their system had been invaded, but they are cooperating with authorities on the investigation. A spokesman at Wal-Mart did not return phone calls.
More Improper Transactions
The new debit card case comes as credit unions elsewhere were reporting that member accounts were being accessed for transactions overseas. An official at Central Florida Educators CU, in Orlando, said at least two-dozen members had reported improper transactions on their accounts coming from Russia and the Ukraine the week before, prompting the credit union to begin blocking accounts and issuing new cards.
And Aggieland CU, in Bryan, Texas, reported that more than 30 of its members reported illegal transactions on their accounts from Russia and Lithuania and New York City, prompting them to cancel the cards and issue new ones.
But law enforcement authorities said they do not believe the Florida and Texas cases were related to the one in California, even though some of the funds were being drained from Eastern Europe. "They're different cases," said one individual involved in the investigation.
